locked
ADFS invalid username or password information using /adfs/services/trust/13/usernamemixed RRS feed

  • Question

  • Hello,

    I'm using ADFS: /adfs/services/trust/13/usernamemixed

    When I use the code below with correct username and password then everywhting is fine but when I change password or username then I would expect the subCode.Name to be "FailedAuthentication" and the 

    subCode.Namespace to be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 

    This way it would be easy to identify the problem end inform client about it (for example by returning http 401)

    But what I get is: subCode: InternalServiceFault 

    Event though on ADFS machine in event viewer there is log:

    %Error message: 
    test.sys\test-The user name or password is incorrect 

    Exception details: 
    System.IdentityModel.Tokens.SecurityTokenValidationException: test.sys\test ---> System.ComponentModel.Win32Exception: The user name or password is incorrect

    Can it be set somewhere on ADFS configuration, what am I doing wrong here? 

    var endpointAddress =
    var endpointAddress =
                    new EndpointAddress("https://test/adfs/services/trust/13/usernamemixed");
                var binding = new Binding();
                var endpointReference = new EndpointReference("test");
                WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(binding, endpointAddress);
                trustChannelFactory.Credentials.UserName.UserName = "test";
                trustChannelFactory.Credentials.UserName.Password = "test";
    
                WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();
                
                var rst = new RequestSecurityToken
                {
                    RequestType = RequestTypes.Issue,
                    AppliesTo = endpointReference,
                    KeyType = KeyTypes.Bearer,
                    TokenType = "urn:oasis:names:tc:SAML:2.0:assertion"
                };
                
                RequestSecurityTokenResponse rstr = null;
                try
                {
                    SecurityToken token = channel.Issue(rst, out rstr);
                }
                catch (FaultException e)
                {
                    Console.WriteLine(e.Code.SubCode.Name);
                }


    • Edited by snorlaks Monday, April 23, 2018 9:21 PM
    Monday, April 23, 2018 9:05 PM